Analysis of Teper et al. (5,815,665) Claims




Oliver et al.

(Clickshare Service Corp., assignee) 



CLICKSHARE SERVICE CORP. 
ANALYSIS OF TEPER ET AL. CLAIMS 
(v2.0 09-27-99 including citations to Oliver et al.) 



Text from Teper et al. is shown in light-face 10-point type in narrow column width.

Annotating comments by Clickshare Service Corp. are shown in italics 10-point type across the full width.

Excerpts from Oliver et al. are shown in light-face, 12-point type, surrounded by quotations.

IMPORTANT NOTE: Within Oliver, references occur throughout to the "home" Publishing 
Member of the user. Subsequent to filing of the patent application, a decision was made to 
standardize the reference to a "home" Publishing Member as a "Clickshare Service Provider." The 
patent application refers at some points to the Service Provider and at other points to the "home
Publishing Member." These terms are interchangeable and are distinct from the generalized
mention of a "Publishing Member" - an entity which sells information resources but does not 
maintain an account relationship with users. The Fig. 1 accompanying the patent application 
records this duplicate terminology with the reference inside the circle of the "Home" Publishing 
Member which reads: "Client . . . Home Publishing Member - a/k/a Clickshare Srvc Provider." 

1. A method of providing an online service to a user over a public
network, the online service provided by a Service Provider (SP) site 
to a user computer via the public network, the method comprising the 
steps of: 

Oliver also describes a service to users over a public network provided by a Clickshare Service 
Provider to a user computer via the public network and also by Clickshare Publisher Member(s) to a 
user computer via the public network. 

Oliver at Page 6, Lines 9-13:

"The Clickshare/TVS Service is a distributed user-management service for Internet
information micropayments, access control, audience measurement and personalization
with one-ID, one-bill user convenience. It is designed to address the problem of how
to charge Internet users for their use of resources and control their access to those
resources. It is also designed to provide for the transfer of information about users
among multiple web sites in order to control access or define service authorization."

Oliver at Page 7, Lines 12-26:

"INFORMATION SELLERS/RESOURCE PROVIDERS - Operators of World Wide
Web sites who wish to make money from the sale of information or software, or wish
to control access to resources. These are called Clickshare Publishing Members or
Clickshare Resource Providers. Examples include: newspapers, magazines, specialty
publications, new-media entrepreneurs, game vendors, software publishers,
health-care providers, network or other service providers.

"BILLING AGENTS/SERVICE PROVIDERS - Consumers have preexisting, ongoing
credit relationships with billing agents or service providers who agree to become
Clickshare Service Providers. In exchange for a negotiated share of the "Clickstream"
revenue from information sales, or for other consideration, these service providers
assume responsibility for servicing and billing consumer or enterprise end users and
for authenticating the user at the start of a Clickshare/TVS session. Examples include:
Internet Service Providers, newspapers, specialized publishers, online services,
telephone companies, cable and utility companies, credit-card issuing banks,
health-care providers, retailers, other consumer-credit entities, network or other service
providers and other enterprises."



sending a request message from the user computer to the SP site over 
the public network to request the use of the online service; 

Oliver describes the sending of a request message from the user computer to a Publishing Member site 
(analogous to the "service provider" in Teper) to request a resource from the site. 

generating a challenge message at the SP site in response to the 
request message and sending the challenge message over the public 
network to the user computer; 

Oliver describes the Publishing Member site responding to an HTTP request for service with a request
to the end-user's computer for the user to either "log-in" to that Publishing Member site or
provide a hint to the PubMbr site of where to redirect the user for authentication. (See accompanying
screen shot, labeled as Exhibit A)

generating a response message in the user computer in response to the 
challenge message and sending the response message over the public 
network to the SP site, the response message including or being based 
upon an identifier of the user; 

Oliver describes the end user, in response to the authentication challenge, replying with an identifying 
user name/password string, or, if the user name/password string has been cached in the web browser, 
the user computer returns the string automatically. 

Oliver Page 48, Lines 2-5:

"To begin, the user points his WWW browser to the home page set up for him at his 
"home" Publishing Member (step 1). This page has been designated as 
"authentication required" by the Publishing Member, so the user's browser receives 
back from the Publishing Member's HTTP server an appropriate status message. The 
browser prompts the user for his user-name and password, which it then returns to the 
HTTP server as Request Header information."



sending at least the response message from the SP site to a remote 
online broker site, the online broker site having a brokering database 
which contains account information of registered users of an online 
brokering service of the online broker site;

Oliver describes the sending by a Clickshare Service Provider [otherwise known as "home" Publishing
Member] site of an authentication request to the Clickshare Token Validation Service ("online brokering
service"), along with user preference information, in order to obtain an encoded, session-based token
identifying that user.

Oliver Page 48, Lines 15-25: 

"Once the HTTP server has obtained the user's Authentication information and 
has validated it locally, the HTTP server contacts TVS with a request for a new 
Authentication Token. In making this request, the HTTP server sends the user's profile 
to TVS with a request for a new Authentication Token. This profile information (along 
with other per-user information) is stored in each publisher's registration database. 

"7.3 TOKEN GENERATION AND RETURN 

"TVS uses information from the user's profile to build the Authentication token. 
For example, the user's service class information is used to determine what the token's
validity period will be. The Authentication Token has an encrypted "pay load" and is
"uuencoded" and "sanitized" to accommodate the Web URL naming syntax where
required. The token is "opaque" to both the HTTP server and to the Web browser
client."

And Oliver at Page 17, Lines 10-26:

"TVS introduces the notion of a "session" into the World Wide Web. Once a user is
authenticated by his "home" Publishing Member, that Publishing Member provides
user profile information to its TVS server, which returns an authentication token that
is valid for a restricted period of time. Once given this token, the user can access any
TVS-enabled HTTP server for the duration of validity without reauthentication. This
time period is the "session".

"Publishing Members maintain a "user profile" of each User Member. This profile
contains three types of information: "preference" information, "service class"
information and, if desired, "pricing" information. Preference information is given by
the user member, while service-class information and pricing information are provided
by the Publishing Member. These types of information relate to the variety and quality
of services offered by the Publishing Member, and each may affect the cost of that
service. Some of the profile information can be changed on a session basis, where
other types can only be changed by the Publishing Member at fixed points."

Oliver Page 18, Lines 3-8: 

"At the start of each session, this profile information is passed to the TVS 
server when the HTTP server requests an authentication token for the user. The 
information is loaded by the TVS server into a Dynamic Session Database. When, 
during the session, any Publishing Member requests that TVS validate this 
authentication, TVS returns the profile information to that Publisher as part of the
authentication. Thus, even though each user is "owned" by only one Publishing
Member (the "home"), all Publishing Members have access to that user's profile
information through TVS."



Oliver also describes the sending of that token by a Clickshare Publishing Member site (known as the SP
site in Teper) to the Clickshare Token Validation Service (known as the "online brokering service" in
Teper). In both Teper and Oliver the back-end service (TVS or "online brokering service") has a
database which contains account information of registered users. 



Oliver at page 50, lines 2-7: 

"The HTTP server contacts the TVS server to verify that the provided token is 
valid (that is, this is a valid user and a valid session). 

"7.7 VERIFICATION AND PROFILE RETURN 

"The TVS server receives the request, and verifies it using the internal 
databases it has constructed from the information provided when Authentication 
Tokens are issued. As an acknowledgment, TVS returns the user's profile information 
to the HTTP server." 

Oliver at Page 30, Lines 7-21: 

"The TVS server maintains a Dynamic Session Database (short-lived) of active 
sessions, indexed by user identification number, "home" publisher affiliation, and the 
user's host IP address. Among the data contained in the Dynamic Session Database 
are: 

-- Alpha-numeric identifying number of the user

-- User-owning publishing-member number (Clickshare Service Provider)

-- Session number

-- Current number of authentications (cumulative)

-- User service parameters including:

-- Parental control flag (ON/OFF)

-- Full ads / links only / no ads

-- Pricing query threshold

-- Service-class designator (price markup value)

-- Session start time

-- Topical information preferences (if "open")

-- Age, sex, income, demographic profile (if "open")"

Oliver Page 49, Lines 4-8:

"When the HTTP server receives the returned token, it is ready to deliver the
requested content (as well as the token) to the requesting client. The content is
delivered in the canonical HTTP method (accompanied by MIME Response Headers as
appropriate). The Authentication token can be delivered to the user's client program
(Mosaic, Netscape, Lynx, an "agent", etc.) in several ways."

Oliver, Page 50, Lines 9-14: 



"7.8 CONTENT RETURN 

The HTTP server uses the profile information to determine how best to 
respond to the user's request. In some cases, information in the profile may indicate 
that the server should not respond or warn the user about the cost or nature of the
information requested. The profile information returned to the HTTP server can be
used by the server itself to fulfill the request (typically the case with standard "static"
file service requests), and is also made available as part of the execution environment 
for Common Gateway Interface (CGI) scripts." 

processing the response message at the remote online broker site to 
determine whether the response message is authentic, the step of 
processing comprising accessing the account information in the 
brokering database; 

Oliver describes the processing of a response message containing a user token to see if the token is 
valid (i.e., issued previously by the Token Validation Service), including the step of accessing a 
"dynamic session database" containing account information of registered users with an active session
underway.

Oliver at page 50, lines 5-7:

"7.7 VERIFICATION AND PROFILE RETURN

"The TVS server receives the request, and verifies it using the internal 
databases it has constructed from the information provided when Authentication 
Tokens are issued. As an acknowledgment, TVS returns the user's profile information 
to the HTTP server." 

sending a verification message from the remote online broker site to 
the SP site, the verification message indicating whether the response 
message is authentic; 

Oliver describes TVS sending a verifying message to the Publishing Member web site, indicating 
whether the response message (in Clickshare, the "token") is authentic - that it represents a key to a 
set of data within the dynamic session database relating to a particular user's active session 
underway.

Oliver at page 50, lines 5-7: 

"7.7 VERIFICATION AND PROFILE RETURN 

"The TVS server receives the request, and verifies it using the internal 
databases it has constructed from the information provided when Authentication 
Tokens are issued. As an acknowledgment, TVS returns the user's profile information 
to the HTTP server." 



retrieving access rights data of the user from the brokering database 
if the response message is authentic, the access rights data specifies 
a plurality of content categories to which the user has access, the 
plurality of content categories corresponding to a plurality of 
different online services offered by the SP site; 

Oliver describes the retrieving by TVS ("online broker") from its dynamic session database of service 
class data (determining access rights and content categories). 

sending the access rights data from the online broker site to the SP 
site; 

Oliver describes the sending of such service-class data from TVS ("online broker site") back to the 
Clickshare Publishing Member ("SP") site. 

providing the online service from the SP site to the user computer 
over the public network if the verification message indicates that the 
response message is authentic; and 

Oliver describes the step of the Publishing Member ("SP") site sending requested information to the 
end-user's computer if the message received from TVS ("online broker site") confirms that the token 
submitted was found to be associated with a set of user data in the TVS dynamic session database. 

Oliver at Page 57, Lines 23-25; Page 57, Lines 1-2: 

"26. A method as recited in claim 24, which includes an acceptance step by
which a client's token is accepted by a method member from whom the client wishes
to receive services or goods across a data network, and is instantaneously submitted to
the method's common service point, which, if the token's contents match that of a
token in the common service point's dynamic session database, returns preference,
pricing and service-class information about the requesting client, prior to the
providing of the requested services or goods across a data network."

denying access by the user to the online service if the verification 
message indicates that the response message is not authentic. 

Oliver describes the condition of a "bad token" in which the end user's computer is sent a message
denying access to requested content. [See Exhibit B, attached hereto]

Oliver at Page 51, Lines 2-14:

"7.10 HANDLING VALIDATION TIME-OUT

When a user's Authentication Token "times-out", information requests made
with that token are invalid. If the user does not specifically end his session prior to
this time-out, it is likely that the user will be making an information request to a
Publishing Member other than his "home" when the time-out happens.

"TVS, in cooperation with the HTTP servers, provides a mechanism to return
the user to his "home" Publishing Member, undertake the process of
re-authentication, and return to the site of the timed-out request - all transparently to
the user. This process is handled using HTTP "Redirect" responses, but the key to
success is the association with TVS which is the only party that knows where the user's
home can be found.

"A similar process works when completely invalid tokens are presented to TVS
for verification. In such cases, TVS instructs the HTTP server to redirect the user to
known points (in the current case, to Clickshare Service Corp.'s pages) such that the
user can return "home" himself, or can select a "home" if necessary."
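
The token lifecycle described in the Oliver excerpts cited under claim 1 (issuance by TVS with a validity period set by service class, validation on behalf of a Publishing Member with profile return, time-out redirect to the "home" and bad-token redirect to a known point) is modeled below as an added Python example; it is not part of this analysis or of Oliver et al. It substitutes a random opaque handle for the IDEA-encrypted token payload, and the URLs, validity periods, profile field names and the comparison of the client IP at validation are assumptions.

```python
"""Added example: toy model of the TVS token lifecycle (issue, validate, time-out, bad token)."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed values: the page gives no durations, class numbers or URLs.
VALIDITY_BY_SERVICE_CLASS = {1: 1800, 2: 8 * 3600}    # seconds per service class
KNOWN_POINT_URL = "https://tvs.example/select-home"   # hypothetical "known point"


@dataclass
class Session:
    """One row of the short-lived Dynamic Session Database."""
    user_id: str
    home_pmid: str
    client_ip: str
    profile: dict
    expires_at: float
    auth_count: int = 0            # cumulative number of authentications


@dataclass
class Verdict:
    status: str                    # "valid", "expired" or "invalid"
    profile: Optional[dict] = None
    redirect: Optional[str] = None


class TokenValidationService:
    def __init__(self, home_urls: Dict[str, str],
                 clock: Callable[[], float] = time.time):
        self._home_urls = dict(home_urls)        # home publisher ID -> login URL
        self._clock = clock
        self._sessions: Dict[str, Session] = {}  # token -> session row

    def issue(self, home_pmid: str, user_id: str, client_ip: str, profile: dict) -> str:
        """Called by the home publisher after it has authenticated the user locally."""
        if home_pmid not in self._home_urls:
            raise ValueError("unknown home publisher")
        lifetime = VALIDITY_BY_SERVICE_CLASS[profile["service_class"]]
        # URL-safe random handle: opaque to browser and HTTP server, and only
        # meaningful as a key into this service's session table.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user_id, home_pmid, client_ip,
                                        dict(profile), self._clock() + lifetime)
        return token

    def validate(self, token: str, client_ip: str) -> Verdict:
        """Called by any Publishing Member that receives a token with a request."""
        session = self._sessions.get(token)
        if session is None or session.client_ip != client_ip:
            # Completely invalid token: send the user to a known point.
            return Verdict("invalid", redirect=KNOWN_POINT_URL)
        if self._clock() >= session.expires_at:
            # Timed out: only TVS knows where the user's home is.
            # A real service would also purge expired rows on a schedule.
            return Verdict("expired", redirect=self._home_urls[session.home_pmid])
        session.auth_count += 1
        return Verdict("valid", profile=dict(session.profile))


def publisher_respond(tvs: TokenValidationService, token: str,
                      client_ip: str, content: dict):
    """Publishing Member side: (status, body or Location) for one request."""
    verdict = tvs.validate(token, client_ip)
    if verdict.status != "valid":
        return 302, verdict.redirect
    # The returned profile decides how, or whether, to respond.
    if verdict.profile.get("parental_control") and content.get("adult"):
        return 403, "blocked by parental-control flag"
    return 200, content["body"]


def demo():
    """Run one session through valid, forged and timed-out requests."""
    now = [1000.0]                                   # injectable clock for the demo
    tvs = TokenValidationService({"pm-home": "https://home.example/login"},
                                 clock=lambda: now[0])
    profile = {"service_class": 1, "parental_control": True}
    token = tvs.issue("pm-home", "u-42", "192.0.2.10", profile)
    page = {"body": "article text", "adult": False}
    results = [publisher_respond(tvs, token, "192.0.2.10", page)]
    results.append(publisher_respond(tvs, "forged-token", "192.0.2.10", page))
    now[0] += 1800                                   # service class 1 validity elapses
    results.append(publisher_respond(tvs, token, "192.0.2.10", page))
    return results


if __name__ == "__main__":
    for status, detail in demo():
        print(status, detail)
```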



2. A method as in claim 1, wherein the step of generating a response 
message comprises obtaining a password of the user. 

Oliver describes a process in which the user enters a user name and password as a response to the 
request from the Clickshare Publishing Member for authentication. 



3. A method as in claim 2, wherein the step of generating the response 
message further comprises applying a cryptographic algorithm to at 
least the challenge message such that the resulting response message 
depends upon both the challenge message and the password. 

Oliver does NOT describe any use of cryptographic algorithms in the interactions between the end
user's computer and the Clickshare Publishing Member or Clickshare Service Provider.

4. A method as in claim 2, wherein the step of obtaining the password 
of the user comprises retrieving the password from a password cache on 
the user computer, the password cache temporarily storing the password 
following manual entry by the user, the method thereby enabling the 
user to access multiple SP sites without re-entering the password. 

Oliver describes the use of the password cache within the web browser software on the user's 
computer to retrieve the temporarily stored user name/password string provided earlier by the user so 
as to be able to access multiple web sites without re-entering the password. 

Oliver at Page 31, Lines 8-10:

"Users with active sessions will have to re-authenticate with their home
publisher, but this is transparent given graceful handling by the TVS client web server
and caching of username/password in most browsers."



5. A method as in claim 1, further comprising the steps of: 
assigning an anonymous identifier to the user at the online broker 
site and sending the anonymous identifier to the SP site to enable the 
SP site to anonymously charge the user for an online service; and 
generating a billing event at the SP site and sending the billing 
event to the online broker site, the billing event specifying at least 
(1) the anonymous identifier of the user, and (2) a monetary charge to 
be applied to an account of the user. 

Oliver describes the steps of the Token Validation Service (online broker) constructing (assigning) a 
token (anonymous identifier) and sending the token to the Clickshare Service Provider (service provider) 
site to enable the Service Provider site to in turn provide the token to web-browser software on the
end-user's computer, which browser may in turn provide the token to Clickshare Publishing Member
websites when the user seeks service from the publishing member site. The Publishing Member website
generates an enhanced log report (billing event) and sends the log report to the Token Validation
Service (online broker), the log report specifying at least (a) the token (anonymous identifier) specific 
to that particular user's and (b) a monetary charge to be applied to the account of the user. 



Oliver at Page 16, Lines 14-23: 

"Using the TVS model, individual publishers or service providers authenticate 
their own users, and then ask TVS to store the user's preference, pricing and
service-class information in a "publicly accessible" place. In return, TVS provides an
authentication token which is returned to the user (specifically, the user's browser). 
All subsequent access to any TVS-enabled service is governed by this token (non-TVS 
services are not affected). TVS validates the token on behalf of any individual service, 
and passes in return the user's profile and class information. When a server has 
provided service to a validated user, that server returns to TVS a record of the service 
provided. This record is used by TVS to generate a number of forms of usage 
information, particularly billing and settlement information. Periodically, this 
information is returned to all publishers."



Oliver at Page 17, Lines 10-16: 

"TVS introduces the notion of a "session" into the World Wide Web. Once a user is 
authenticated by his "home" Publishing Member, that Publishing Member provides
user profile information to its TVS server, which returns an authentication token that 
is valid for a restricted period of time. Once given this token, the user can access any 
TVS-enabled HTTP server for the duration of validity without reauthentication. This 
time period is the "session".

Oliver at Page 34, Lines 3-24 and Page 35, Lines 1-22:



"5.13.1. CLICKSHARE-ENHANCED LOG FORMAT 

"The TVS client transmits to the server-side (logging facility) records of each 
access in an enhanced Common Log Format. Seven pieces of information are provided 
in the Common Log Format: 

-- fully qualified domain name (or dotted decimal IP address) of the client

-- rfc931 user

-- auth user

-- date in dd/mm/yyyy:hr:mn:se -OXXX format (where "OXXX" is hours from GMT)

-- the request (a quoted string featuring method + URL filepart)

-- the HTTPD status code

-- the number of bytes transmitted to the client

"In addition, the TVS client transmits the following Clickshare-specific
information: 

-- content server ID (cs contentpmid) -- A globally unique ID number
identifying the company which served the content to the user. Clickshare Service Corp.
maintains a map of ID numbers to company names and contact addresses.

-- page class (cs pageclass) -- A numeric identifier for the value of the page
served. The value is used as a lookup into a table of currency-denominated values
which are used to price the page.

-- user ID (cs userid) -- A user identifier, unique to each Clickshare service or
content provider, that identifies the user within that provider's site.

-- home publisher ID (cs homepmid) -- A globally unique ID number
identifying the company which maintains the financial relationship with the user (user
ID) for billing purposes.

-- session ID (cs sessionID) -- An identifier for an activity session by a user. A
session is a defined period of time during which an authentication token is valid. The
length of a session can be requested by the user, or set by the home provider, upon
startup). Sessions may be concatenated in time, but sessions cannot overlap. Session
IDs are unique to each publisher for a period of about eight months.

-- customer group (cs custgroup) -- A numeric identifier for the customer's
local group. Two groups are global within Clickshare: Group 1, the default standard
group and Group 15, the "testdrive" group. All other values are set locally by the
home publisher for his own reference.

-- service class (csserviceclass) -- A coded numeric identifier for special
service classing. Service classes may be related to markup ratios for retail pricing or
may specify the types of services or goods which the user is authorized to acquire or
receive.

-- flags (csflags) -- A coded numeric identifier which concatenates all the
user-preference flag information (on/off flags) for this session. These preference flags
relate to user privacy, parental-control (content selection) and other features and part
of the "contract" between the user and the user's Clickshare Service Provider.

"Other open data blocks are designed to carry releasable demographics and 
topical preferences, or other metrics, including a Universal Resource Identifier [see 
Section 5.20] depending upon the requirements of Clickshare service members." 



6. A method as in claim 5, further comprising the steps of: 

establishing a connection between the user computer and the online 
broker site; and providing an online billing statement to the user over the 
connection, the online billing statement reflecting the monetary charge 
specified in the billing event. 

(NOT ANALOGOUS TO CLICKSHARE ARCHITECTURE; WE HAVE A UNIQUE CLAIM HERE)

Oliver describes establishing a connection between the Token Validation Service (online broker site) 
and the Clickshare Service Provider site and providing periodic aggregated usage reports to the 
Clickshare Service Provider of access by the CSP's end-users to online resources at various Clickshare
Publishing Member sites. Oliver also describes the transmission via Email of a periodic report of the 
end-user's usage to the end user's Email account from the Clickshare Service Provider. 



7. A method as in claim 5, further comprising the step of sending a 
billing statement from the online broker site to the user computer 
over the public network, the billing statement reflecting the monetary 
charge specified in the billing event. 

(NOT ANALOGOUS TO CLICKSHARE; WE HAVE A UNIQUE CLAIM HERE) 

Op. cit., above, Clickshare backend sends aggregated, periodic log reports to end-user's "home base"
- the Clickshare Service Provider, which is responsible for sending and/or presenting those reports to 
the end user. We have thought about a direct query by the end user to the Clickshare backend in real 
time to support debit transactions but have not implemented. 

8. A method as in claim 1, further comprising the steps of: 

sending an access rights update request from the SP site to the remote 
online broker site, the access rights update request specifying an 
update to be made by the online brokering service to the access rights 
of the user; and 

processing the access rights update request at the online broker site 
by updating the access rights data of the user stored within the
brokering database. 

Clickshare describes the transmission of specific user profile, preference and service-class (access
rights) information (updates) from the Clickshare Service Provider website to the Clickshare Token
Validation Service backend (remote online broker site) at the time the end-user initiates a Clickshare
session. The information (updates) is used to populate a database entry, a token is constructed which is
a key to that database entry, and the token is returned to the Clickshare Service Provider, which in turn
provides it to the end-user's web browser. [See citations to Oliver et al. at Claim No. 5, above]

9. A method as in claim 1, further comprising the steps of: 
retrieving user-specific preference data of the user from the 
brokering database and sending the preference data from the online 
broker site to the SP site, the preference data indicating at least 
one user-specified preference for the customization of online 
services; and 

adjusting the online service provided from the SP site according to 
the user-specified preference. 

Oliver describes the step of retrieving user-specific preference data of the user from the dynamic session 
database of the Clickshare Token Validation Service (brokering database) and sending the preference 
data from the TVS (online broker site) to the Clickshare Publishing Member (SP) site, the preference 
data indicating at least one user-specified preference for the customization of online services; and 
adjusting the online service provided from the Publishing Member (SP) site according to the
user-specified preference, e.g., serving an advertisement for a product of interest to the user based on the
user's preferences. [See citations to Oliver et al. at Claim No. 5, above]

Also, Oliver at Page 6, Lines 18-21: 

"PERSONALIZATION It allows consumers to store their custom information 
preferences as part of their user profile and then optionally give those preferences to web 
publishers who wish to personalize their offerings." 

10. A method as in claim 9, wherein the preference data includes a 
connection speed at which the user computer connects to the public 
network, and wherein the step of adjusting comprises providing the 
service to the user computer at a speed which is commensurate with the 
connection speed. 

Oliver makes no specific mention of transferring preference data about connection speed. 

11. A method as in claim 9, wherein the preference data includes a
display preference for the display of a particular type of media. 

Oliver makes no specific mention of transferring preference data about display of a particular type of 
media. 

12. A method as in claim 1, further comprising the steps of: 
generating a first session key at the user computer; 

generating a second session key at the online broker site and sending 
the second session key to the SP site, the second session key 
corresponding to the first session key; and 
using the first and second session keys to encrypt and decrypt message
traffic between the user computer and the SP site as the online 
service is provided to the user computer. 

Oliver makes no specific mention of encryption technology at the end-user level. 

Oliver at Page 38, Lines 2-10: 

"In the current implementation of the TVS service, almost no encryption is
used. The only transacted item that is encrypted is the authentication token which
travels along with each user request. This token is issued by the Clickshare/TVS
authentication server, and only that server needs to "decrypt" it. All other parties
(HTTP servers, and other TVS servers) treat the token as "opaque". Since only the
originating TVS server will view the contents of the authentication token, a "private
key" encryption algorithm can be used. That private key is stored on the
authentication server which originates the token, and remains valid only for the
duration of that user's session.

"Currently, TVS uses the IDEA encryption algorithm with a 128-bit key."



13. A method as in claim 1, wherein the public network comprises the 
Internet. 

Oliver describes a preferred implementation using the Internet. 

14. A method as in claim 1, wherein the steps of passing the request, 
challenge and response messages over the public network respectively 
comprise passing the request, challenge and response messages over a 
private network. 

Oliver does not differentiate between an implementation on a public or private network. 

Oliver at Page 2, lines 20-21: 

"It is, therefore, an outstanding object of the present invention to provide a 
system and method for managing transactions on networks."

15. A method providing a fee-based online service from a Service 
Provider (SP) site to a user over a public network while concealing 
the payment and personal information of the user from the Service 
Provider, comprising the steps of: 

Oliver describes providing information and services for fees from a Clickshare Service Provider to a 
user over a public network while concealing the payment and personal information of the user from the 
Clickshare Publishing Members who provide the services or information. 

Oliver at Page 13, Lines 10-12:

"In providing the TVS service, Clickshare Corporation or its licensee maintains
only transitory knowledge of any specific user, and even then, only by a user
identification number (not by demographic or financial information)."

Oliver at Page 14, Lines 13-26; Page 15, Lines 1-2: 

"4.4. NO SPECIFIC PRIVACY MODEL ENFORCED 

"Clickshare realizes that being involved in the "authentication" universe means 
dealing with sensitive personal financial information. There is a lively debate on-going 
among privacy advocates and content providers (who use the sales of lists of such 
information to enhance their revenues). 

"The TVS model does not enforce a specific privacy model. The service itself 
operates by identifier numbers, not by names, and Clickshare Service Corp. — on its own 
— will not be able to correlate an ID with a person. However, nothing inherent in the 
TVS service specifically prevents a Publishing Member from making this correlation on 
his own through methods unrelated to the Clickshare service. It is possible within the 
design of TVS to offer a "Swiss-bank" type of "blind usage" for users that wish to pay for 
same. No such service is currently implemented. 

"As designed, TVS will be able to collect and aggregate content usage information 
and "localize" this information to a specific user-ID and provider-ID. This alone will go 
a long way towards providing third party verification of use without direct reference to 
personal information." 



providing an online broker site that provides an online brokering 
service, the online broker site having a brokering database which 
contains account information on the user and on other users of the 
online brokering service, the online broker site located remotely from 
the SP site; establishing a connection between a computer of the user 
("user computer") and the SP site over at least the public network; 
generating an encrypted authentication message at the user computer 
and sending the authentication message to the online broker site via 
at least the public network; 

verifying the authentication message at the online broker site to 
thereby authenticate the user, the step of verifying comprising 
accessing the account information of the user stored in brokering 
database; 

generating an anonymous ID at the online broker site and sending the 
anonymous ID to the SP site to allow the SP site to charge the user 
for the online service; 

Oliver describes providing a Token Validation Service (online broker site) having a dynamic session 
database (brokering database) which contains information on the user and other users of the 
Clickshare/TVS Service's affiliated Service Providers, the TVS (online broker site) being located 
remotely from the Clickshare Publishing Member sites (SP site); establishing a connection between a 
computer of the user and the Clickshare Publishing Member site (SP site) over any network; 
generating an encoded or encrypted message at the Clickshare/TVS Service, sending that message to the 
Clickshare Service Provider, which sends it to the end-user's computer which submits it to the 
Clickshare Publishing Member website, which submits it to the Clickshare/TVS Service for 
authentication. 

Oliver at Page 18, Lines 3-8: 

"At the start of each session, this profile information is passed to the TVS 
server when the HTTP server requests an authentication token for the user. The 
information is loaded by the TVS server into a Dynamic Session Database. When, 
during the session, any Publishing Member requests that TVS validate this 
authentication, TVS returns the profile information to that Publisher as part of the 
authentication. Thus, even though each user is "owned" by only one Publishing 
Member (the "home"), all Publishing Members have access to that user's profile 
information through TVS." 

providing the online service from the SP site to the user computer 
over the public network; 

Oliver describes providing content (online) services from a Clickshare Publishing Member site (SP site) 
to the user computer over a network. 

Oliver at Page 2, Lines 4-8: 

". . . Specifically, the Internet environment is very decentralized, and no one 
organization controls the user base or access to resources. While this 
decentralization has tremendous advantages (chief among them, the freedom to select 
from a wide number of service and content offerings), this lack of "unity" can confuse 
and sometimes frustrate both potential information providers and users . . . ." 

Oliver at Page 4, Lines 22-25: 

"TVS is a service for validating and profiling a large base of users distributed 
across independent content and service providers, simultaneously supporting content 
usage verification ("audience measurement"), billing at the "micro-transaction" 
("per-page") level, and exchange of user attributes." 

Oliver at Page 5, Lines 9-13: 

"Using TVS, content providers can "share users" through a common 
validation/profiling technique and exchange value for their content through a 
common, background, process. By permitting owners of content to collect royalties 
and receive commissions automatically, TVS creates the economic incentive for 
content providers to link to each other's content in a manner that leverages the 
content base of all providers simultaneously, and is completely transparent to the 
user." 

retrieving user-specific customization data of the user from the 
brokering database and sending the customization data from the online 
broker site to the SP site, the customization data indicating a 
user-specified preference for the customization of the online service; 
adjusting the online service provided from the SP site according to 
the user-specified preference; and 

generating a billing event at the SP site and sending the billing 
event to the online broker site, the billing event specifying at least 
(1) the anonymous ID, and (2) a monetary charge to be applied to an 
account of the user. 

Oliver describes retrieving user-specific customization data of the user from the Clickshare/TVS dynamic 
session database (brokering database) and sending the customization data from there to the Clickshare 
Publishing Member (SP) site, the customization data indicating a user-specified preference for the 
customization of the information (online) service; adjusting the service provided from the Clickshare 
Publishing Member (SP) site according to the user-specified preference; and generating an enhanced 
log report (billing event) at the Clickshare Publishing Member (SP) site and sending that report/event 
to the Clickshare/TVS (online broker site), the report/event specifying at least (a) the token (anonymous 
identifier) specific to that particular user's and (b) a monetary charge to be applied to the account of 
the user. 

Oliver at Page 16, Lines 14-23: 

"Using the TVS model, individual publishers or service providers authenticate 
their own users, and then ask TVS to store the user's preference, pricing and service- 
class information in a "publicly accessible" place. In return, TVS provides an 
authentication token which is returned to the user (specifically, the user's browser). 
All subsequent access to any TVS-enabled service is governed by this token (non-TVS 
services are not affected). TVS validates the token on behalf of any individual service, 
and passes in return the user's profile and class information. When a server has 
provided service to a validated user, that server returns to TVS a record of the service 
provided. This record is used by TVS to generate a number of forms of usage 
information, particularly billing and settlement information. Periodically, this 
information is returned to all publishers." 

Also, Oliver at Page 6, Lines 18-21: 

"PERSONALIZATION — It allows consumers to store their custom information 
preferences as part of their user profile and then optionally give those preferences to web 
publishers who wish to personalize their offerings." 

16. A method as in claim 15, wherein the step of generating an 
encrypted authentication message comprises the steps of prompting the 
user for a password and using the password to generate the 
authentication message, the password stored in the brokering database 
so that the online brokering service can determine whether the 
authentication message corresponds to the password. 

Oliver describes a method wherein the step of generating an encrypted token (authentication message) 
comprises the steps of the Clickshare Service Provider prompting the user for a user-name and 
password, verifying that the user is registered with the provider, then requesting the Clickshare/TVS to 
accept certain demographic, preference and service-class information of the user into a dynamic session 
database in exchange for producing the encrypted token which acts as a lookup key for further access 
to the dynamic-session database record. 

17. A method as in claim 15, wherein the step of sending the encrypted 
authentication message to the online broker site comprises the steps 
of: 

sending the authentication message from the user computer to the SP 
site over the public network; and 

sending the authentication message from the SP site to the online 
broker site. 

Oliver describes the sending of the encrypted token by the web browser software on the end-user's 
computer to the Clickshare Publishing Member (SP) site, which then takes the token and submits it to 
the Clickshare/TVS backend (online broker site) for authentication as matching a key to a database 
record in the dynamic session database. 
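
The token flow this commentary attributes to Oliver (session start at the Service Provider, an opaque token carried by the browser, validation and usage logging at the TVS) can be sketched as follows. This is an added illustration, not code from Oliver or Clickshare: the class and method names are hypothetical, and an HMAC-tagged random handle stands in for the IDEA-encrypted token the excerpts mention.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict


class TokenValidationService:
    """Hypothetical broker: opaque tokens keyed into a dynamic session database."""

    def __init__(self, session_ttl=3600):
        self._key = secrets.token_bytes(32)  # never leaves the broker
        self._sessions = {}                  # handle -> session record
        self._usage = []                     # (home_provider, user_id, publisher, cents)
        self._ttl = session_ttl

    def _tag(self, handle):
        # Integrity tag so that only tokens issued by this broker are accepted.
        return hmac.new(self._key, handle.encode(), hashlib.sha256).hexdigest()

    def start_session(self, home_provider, user_id, profile, now=None):
        """Called by the home Service Provider after it authenticated the user locally."""
        now = time.time() if now is None else now
        handle = secrets.token_urlsafe(16)
        self._sessions[handle] = {
            "home_provider": home_provider,
            "user_id": user_id,            # an ID number only: no name, no payment data
            "profile": dict(profile),      # preference and service-class data
            "expires": now + self._ttl,
        }
        return f"{handle}.{self._tag(handle)}"

    def _lookup(self, token, now):
        handle, sep, tag = token.partition(".")
        expected = self._tag(handle)
        if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
            return None                    # forged or corrupted token
        record = self._sessions.get(handle)
        if record is None:
            return None
        if now >= record["expires"]:
            del self._sessions[handle]     # session over: the token stops working
            return None
        return record

    def validate(self, token, now=None):
        """Called by any Publishing Member; returns profile data, never the user ID."""
        now = time.time() if now is None else now
        record = self._lookup(token, now)
        return None if record is None else dict(record["profile"])

    def log_service(self, token, publisher, cents, now=None):
        """Publishing Member reports a service record (the billing event)."""
        now = time.time() if now is None else now
        record = self._lookup(token, now)
        if record is None:
            return False
        self._usage.append((record["home_provider"], record["user_id"], publisher, cents))
        return True

    def settle(self):
        """Aggregate charges per (home provider, user ID, publisher) for periodic billing."""
        totals = defaultdict(int)
        for home, user_id, publisher, cents in self._usage:
            totals[(home, user_id, publisher)] += cents
        return dict(totals)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    tvs = TokenValidationService(session_ttl=60)
    token = tvs.start_session("home-sp", 1001, {"service_class": "premium"}, now=0)
    print(tvs.validate(token, now=5))
    tvs.log_service(token, "publisher-a", 25, now=6)
    print(tvs.settle())
```
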

18. A method as in claim 15, further comprising the step of processing 
the billing event at the online broker site to thereby apply the 
charge to the account of the user. 

Oliver describes the processing of enhanced log reports (billing events) by the Clickshare/TVS backend 
(online broker site) for submission to the Clickshare Service Provider sites with whom users are 
registered; which Clickshare Service Providers then apply the charge(s) to the account of the user. 



Oliver at Page 19, Lines 7-25 and Page 20, Lines 1-21: 

"5.3.1. Server Side Components, 

"Clickshare Authentication Service 

"This service authenticates users in real time allowing each user access to any 
Clickshare Service Provider without reauthentication for the duration of one session. 
This service is provided by a set of server machines distributed around the Internet for 
better fault tolerance and performance. 

"Components 

+ Token Validation Service (TVS) server/daemon (tvsd) 

"Clickshare Logging Service 

This service logs user transactions occurring at all Clickshare Service 
Providers sites, in real time. The major component of this service is the Logging 
Facility - a large database storing all transaction records for production billing. This 
facility can be operated behind a firewall, due to the design of the Facility interface 
server. 

Components 

+ Clickshare Logging Facility (SQL database) (mSQL) 
+ facility server interface daemon (logd) 

"Clickshare Settlement Service 

The service "settles" accounts receivable / accounts payable activity among the 
Clickshare Service Providers on a periodic basis. It interfaces to the Logging Facility 
database environment in an "off-line" (non real-time) manner. Activity reports are 
generated for all parties. An interface to the Automated Clearinghouse (ACH) allows 
fully automated settlement. 

Components 

+ settlement engine 

+ interface to automated clearinghouse (ACH, Bank of Boston) 

"Clickshare Billing Interface 

This service provides periodic billing records and account summaries to each of 
the Clickshare Service Providers. It interfaces to the Logging Facility database 
environment through a set of billing procedures which themselves are tailored to 
interface with customer billing systems. Billing records are sent to the Service 
Providers via electronic mail. As an auxiliary capability, the Clickshare Billing 
Interface can generate user account update summaries upon request from the Service 
Providers. 

Components 

+ billing record generator 

+ billing report generator 

+ session summary generator / remailer 

+ interface to Visa/MC electronic merchant vendor service" 



19. A method as in claim 18, further comprising the step of providing 
an account statement from the online broker site to the user computer 
over at least the public network, the account statement reflecting the 
charge specified in the billing event. 

Oliver does not describe a direct-bill relationship between the Clickshare/TVS and the end-user 
computer. 

[See comments to Claim No. 18, above] 

20. A method as in claim 15, further comprising the steps of: 

retrieving access rights data of the user from the brokering database, 
the access rights data specifying the access rights of the user with 
respect to the online service and/or the SP site; and 

sending the access rights data from the online broker site to the SP 
site. 

Oliver describes retrieving service-class (access rights) data of the user from the TVS dynamic session 
database (brokering database), the access rights data specifying the service class (access rights) of the 
user with respect to one or more Clickshare Publishing Member (SP) sites; and sending the service- 
class (access rights) data from the TVS database (brokering database) to the Publishing Member (SP) 
site. 

Oliver at Page 16, Lines 14-23: 



"Using the TVS model, individual publishers or service providers authenticate 
their own users, and then ask TVS to store the user's preference, pricing and service- 
class information in a "publicly accessible" place. In return, TVS provides an 
authentication token which is returned to the user (specifically, the user's browser). 
All subsequent access to any TVS-enabled service is governed by this token (non-TVS 
services are not affected). TVS validates the token on behalf of any individual service, 
and passes in return the user's profile and class information. When a server has 
provided service to a validated user, that server returns to TVS a record of the service 
provided. This record is used by TVS to generate a number of forms of usage 
information, particularly billing and settlement information. Periodically, this 
information is returned to all publishers." 

21. A method as in claim 20, further comprising the step of 
interpreting the access rights data at the SP site to determine 
whether the user is authorized to access a particular content item of 
the SP site. 

Oliver at Page 6, Lines 22-25: 

"ACCESS CONTROL — It permits a web site to differentiate requests for information 
by individual users rather than broad domains — even if the user has never registered 
with that particular web site. This "Service Class" technology avoids users having to 
maintain multiple IDs and passwords." 

Oliver at Page 7, Lines 12-14: 

"INFORMATION SELLERS/ RESOURCE PROVIDERS — Operators of World Wide 
Web sites who wish to make money from the sale of information or software, or wish 
to control access to resources." 



Oliver describes the step of the Clickshare Publishing Member (SP) site interpreting service-class 
(access rights) data to determine whether the user is authorized to access a particular content directory 
(item) of the Publishing Member (SP) site. 

22. A method as in claim 20, further comprising the step of sending an 
access rights update request from the SP site to the online broker 
site, the access rights update request specifying at least (1) the 
anonymous ID of the user, and (2) an update to be made by the online 
brokering service to the access rights data of the user. 

Oliver does not describe the sending of updating access or service information from the Clickshare 
Publishing Member (SP) to the Clickshare/TVS (online broker site). Rather, Oliver describes the 
transmission of user preference, demographic and service-class information to the Clickshare/TVS 
dynamic session database by the Clickshare Service Provider at the start of a Clickshare session, such 
data being extracted from the local user-registration database of the Service Provider. 

23. A method as in claim 15, wherein the customization data includes a 
connection speed at which the user computer connects to the public 
network, and wherein the step of adjusting comprises providing the 
service to the user computer at a speed which generally corresponds to 
the connection speed. 

Oliver makes no specific mention of transferring preference data about connection speed. 

24. A method as in claim 15, wherein the customization data includes a 
display preference for the display of a particular type of media. 

Oliver makes no specific mention of transferring preference data about display of a particular type of 
media. 

25. A method as in claim 15, further comprising the steps of: 
generating a first session key at the user computer; 
generating a second session key at the online broker site and sending 
the second session key to the SP site, the second session key 
corresponding to the first session key; and 

using the first and second session keys to encrypt and decrypt message 
traffic between the user computer and the SP site as the online 
service is provided to the user computer. 

Op. Cit., Claim No. 12 

26. A method as in claim 15, wherein the public network comprises the 
Internet. 

Op. Cit., Claim No. 13 

27. A method as in claim 15, wherein the online service comprises a 
software download service. 

Oliver describes the application of the Clickshare/TVS service for software downloads. 

28. A method as in claim 15, wherein the online service comprises user 
access to an online version of a printed publication. 

Oliver describes the application of the Clickshare/TVS service for access to an online version of a 
printed publication. 

Oliver at Page 7, Lines 10-17: 

"3.2 PARTIES INVOLVED IN SERVICE 

"The parties involved in the Clickshare/TVS service include: 

"INFORMATION SELLERS/ RESOURCE PROVIDERS — Operators of World Wide 
Web sites who wish to make money from the sale of information or software, or wish 
to control access to resources. These are called Clickshare Publishing Members or 
Clickshare Resource Providers. Examples include: newspapers, magazines, specialty 
publications, new-media entrepreneurs, game vendors, software publishers, health- 
care providers, network or other service providers." 

SECURE ACCESS TO SERVICES OVER AN UNTRUSTED NETWORK 

29. A system for allowing users to securely access online service 
providers over an untrusted distributed network, comprising: 

a plurality of Service Provider (SP) sites connected to the 
distributed network, each SP site running at least one service 
application to provide an online service to users over the distributed 
network; 

a plurality of user computers connected to the distributed network, 
each user computer running at least one client application for 
accessing online services of the SP sites; 

an online broker site connected to the plurality of SP sites, the 
online broker site running at least one brokering application to 
provide an online brokering service, the online broker site including 
a user database containing user-specific authentication information of 
users that have registered to use the online brokering service, the 
registered users accessing the SP sites from the users computers over 
the distributed network; 

a database which stores user-specific customization data, the 
customization data specifying preferences of the registered users with 
respect to the online services of the SP sites, the customization data 
provided to the SP sites by the online brokering service to enable the 
SP sites to customize the online services to the preferences of 
individual registered users; and 

an authentication protocol for allowing the online brokering service 
to authenticate registered users in response to user-specific 
authentication requests from the SP sites, the authentication requests 
responsive to requests from the user computers to access the online 
services of the SP sites, the authentication protocol implemented by 
software components of the user computers, the SP sites, and the 
online broker site. 

Oliver describes a system for allowing users to access Clickshare Publishing Members (online service 
providers) over the Internet (untrusted, distributed network), comprising: 

A plurality of Clickshare Publishing Members (SP) and Clickshare Service Provider sites connected to 
the Internet (distributed network), each such Publishing Member (SP) site providing content 
(service application) to provide information services (online service) to users over the Internet 
(distributed network); 

A plurality of user computers connected to the Internet (distributed network), each user computer 
running a web-browser client (client application) for accessing information content (online 
services) of the Clickshare Publishing Member (SP) sites; 

A Clickshare/TVS backend (online broker site) running the TVS server software (brokering application) 
to provide Token Validation Services (online brokering service), the TVS/brokering site including a 
dynamic session database (user database) containing user-specific preference, profile and service- 
class (authentication) information and accessed via an encrypted token-based key, such users 
having registered with their Clickshare Service Provider, the registered users accessing the 
Publishing Member/SP sites from the users' computers over the Internet (distributed network). 

A dynamic-session database (database) which stores user-specific preference, profile and service-class 
(customization) data specifying preferences of the registered users with respect to the information 
(online) services of the Publishing Member (SP) sites, the preference, profile and service-class 
(customization) data provided to the Publishing Member (SP) sites to enable the Publishing 
Member (SP) sites to customize the information (online) services to the preferences of individual 
registered users; and 

An authentication protocol for allowing the Clickshare/TVS to validate (authenticate) registered users 
of the Clickshare Service Providers in response to user-specific validation (authentication) requests 
from the Clickshare Publishing Member (SP) sites, the validation (authentication) requests 
responsive to requests from the user computers to access the information (online) services of the 
Clickshare Publishing Member (SP) sites, the validation protocol implemented by software 
components of the user computer's web browser, the Clickshare Publishing Member (SP) sites and 
the Clickshare/TVS (online broker) site. 

30. A system as in claim 29, further comprising a billing system for 
allowing the SP sites to charge the registered users for accesses to 
the online services by sending billing events to the online brokering 
service, the billing system including a centralized database for 
recording billing events to accounts of the registered users. 

Oliver teaches a system further comprising a billing system for allowing the Clickshare Publishing 
Member (SP) sites to charge the registered users of Clickshare Service Providers for access to the 
information (online) services of the Clickshare Publishing Member site by sending enhanced log records 
(billing events) to the Clickshare/TVS (online brokering service), the billing system including a 
centralized logging daemon (database) for recording enhanced log records (billing events) for periodic 
aggregation, sorting and charging to the accounts of Clickshare Service Providers, who in turn may 
charge their registered users. 



31. A system as in claim 30, wherein the billing system includes a 
billing viewer application running on the user computers, the billing 
viewer application allowing a registered user to view a personal 
billing statement stored in the centralized database, the billing 
statement including charges from multiple different SP sites of the 
plurality of SP sites. 

Oliver does not specifically describe any end-user billing applications. However: 

Oliver at Page 19, Lines 16-25; Page 20, Lines 1-21: 

"Clickshare Logging Service 

This service logs user transactions occurring at all Clickshare Service 
Providers sites, in real time. The major component of this service is the Logging 
Facility - a large database storing all transaction records for production billing. This 
facility can be operated behind a firewall, due to the design of the Facility interface 
server. 

Components 

+ Clickshare Logging Facility (SQL database) (mSQL) 
+ facility server interface daemon (logd) 

"Clickshare Settlement Service 

"The service "settles" accounts receivable / accounts payable activity among 
the Clickshare Service Providers on a periodic basis. It interfaces to the Logging 
Facility database environment in an "off-line" (non real-time) manner. Activity reports 
are generated for all parties. An interface to the Automated Clearinghouse (ACH) 
allows fully automated settlement. 

Components 

+ settlement engine 

+ interface to automated clearinghouse (ACH, Bank of Boston) 

"Clickshare Billing Interface 

"This service provides periodic billing records and account summaries to each 
of the Clickshare Service Providers. It interfaces to the Logging Facility database 
environment through a set of billing procedures which themselves are tailored to 
interface with customer billing systems. Billing records are sent to the Service 
Providers via electronic mail. As an auxiliary capability, the Clickshare Billing 
Interface can generate user account update summaries upon request from the Service 
Providers. 

Components 

+ billing record generator 
+ billing report generator 
+ session summary generator / remailer 
+ interface to Visa/MC electronic merchant vendor service" 

Oliver at Page 36, Lines 12-17: 

"This Settlement Service stores records of user access to resources by Service 
Provider and by user within Service Provider and prepares the records for batch 
deliveries to the individual user's Service Provider. The Settlement Service also 
outputs charge records aggregated by Service Provider in a format which can be 
accepted by gateways to the U.S. banking industry's Automated Clearing House 
(ACH) service for electronic debiting and crediting of Service Provider and Publishing 
Member banking accounts." 



32. A system as in claim 29, further comprising an access rights 
database at the online broker site, the access rights database storing 
access rights data for a plurality of the registered users, the access 
rights data specifying access rights of the plurality of registered 
users with respect to the SP sites, the access rights data provided to 
the SP sites by the online brokering service. 

Oliver describes a dynamic session database at the Clickshare/TVS backend (online broker site) which 
contains, among other things, user service-class data (access rights) provided by the user's Clickshare 
Service Provider, for a plurality of registered users, with respect to Clickshare Publishing Member (SP) 
sites, the service-class (access-rights) data provided to the Clickshare Publishing Member (SP) sites by 
the Clickshare/TVS backend (online brokering service). 

Oliver at Page 21, Lines 16-23: 

"This service allows Service Providers to register users for the purposes of 
access control, service customization and billing. All user demographic and financial 
information (in addition to preference and service classing information) is stored in 
these databases at each Service Provider site. Users are authenticated locally from 
information stored in these databases, after which a subset of the stored information is 
provided to the Clickshare Authentication Service so that it can help all Service 
Providers recognize valid Clickshare users." 

33. A system as in claim 29, wherein the authentication protocol 
implements a challenge-response protocol. 

Oliver does not specifically speak of a challenge-response protocol in the sense implied by Teper, but 
the interactions between Clickshare user computers and Publishing Member sites, between user 
computers and Service Provider sites, and between Publishing Member sites and Clickshare/TVS are 
typically structured as a transmission followed by a response. 

34. A system as in claim 29, wherein the distributed network comprises 
the Internet. 

Oliver describes the distributed network as "a public network" or as "the Internet." 

PROVIDING FEE-BASED ONLINE SERVICE OVER DISTRIBUTED NETWORK 
WHILE CONCEALING PAYMENT/PERSONAL INFORMATION OF USERS 

35. A method providing a fee-based online service from a Service 
Provider (SP) site to a user over a distributed network while 
concealing the payment and personal information of the user from the 
Service Provider, comprising the steps of: 

providing an online broker site that provides an online brokering 
service, the online broker site having a brokering database which 
contains account information on the user and on other users of the 
online brokering service, the online broker site located remotely from 
the SP site; 

sending an access request from a computer of the user ("user 
computer") over the distributed network to the SP site; 
sending an authentication request from the SP site to the online 
broker site in response to the access request; 
prompting the user for a user identifier at the user computer and 
sending the user identifier to the online broker site; 
authenticating the user at the online broker in response to the 
authentication request, the step of authenticating comprising using 
the user identifier sent from the user computer to access the account 
information stored within the brokering database; 
sending a verification message from the online broker site to the SP 
site in response to the authentication request, the verification 
message indicating whether the step of authenticating was successful; 
retrieving access rights data of the user from the brokering database 
if the step of authenticating is successful, the access rights data 
specifying a plurality of access rights of the user with respect to 
the online service and/or the SP site; 

sending the plurality of access rights data from the online broker 
site to the SP site to anonymously inform the SP site of the access 
rights of the user; 

providing the fee-based online service from the SP site to the user 
computer over the distributed network only if the verification message 
indicates that the step of authenticating was successful; 
generation a billing event at the SP site and sending the billing 
event to the online broker site, the billing event anonymously 
identifying the user to the online brokering service, the billing 
event including a charge for the providing of the online service to 
the user computer; and 

updating an account of the user at the online broker site to reflect 
the charge included within the billing event. 



Oliver describes a method providing for payment for information services or objects (fee-based online 
service) from a Clickshare Publishing Member (SP) website to a user over the Internet (distributed 
network) while concealing the payment and personal information of the user from the Publishing 
Member (SP), comprising the steps of: 

Providing a Clickshare/TVS backend (online broker site) which provides a token-validation service 
(online brokering service) the TVS (online broker site) having a dynamic-session database 
(brokering database) which contains preference, profile and service-class (account) information on 
the user and the other users of the Clickshare TVS Service's Service Providers, the TVS backend 
(online broker site) located remotely from the Publishing Member (SP) site; 
Sending an access request from a computer of the user over the public (distributed) network to the 
Clickshare Publishing Member (SP) site; 
Sending an authentication request from the Clickshare Publishing Member (SP) site to the TVS backend 
(online broker site) in response to the access request; 
If the user is not validated by the TVS backend in response to the access request sent by the Publishing 
Member (SP) site, prompting the user for a user name/password or other user identifier and using 
the identifier to redirect the user to begin a session via the Clickshare Service Provider where the 
user is registered, then taking the unique token generated by the registration process and 
submitting it to the Clickshare/TVS backend for validation; 
Then validating (authenticating) the user at the Clickshare/TVS backend (online broker) in response to 
the validation request, the step of validating comprising using the token key generated originally by 
the Clickshare/TVS at the user's session start and submitting it from the Clickshare Publishing 
Member back to the Clickshare/TVS for validation in order to access the user preference, profile 
and service-class (account) information stored in the Clickshare/TVS dynamic session database 
(brokering database); 

Then sending a validation message from the Clickshare/TVS (online broker site) to the Clickshare 
Publishing Member (SP) site in response to the validation (authentication) request, the validation 
message indicating whether the step of validation (authentication) was successful; 

And simultaneously retrieving and sending along with the validation message, if successful, at least 
the user service-class (access-rights) data specifying a plurality of access rights of the user with 
respect to the information (online) service and/or the Publishing Member (SP) site; 

Then providing the fee-based (information) service or object from the Publishing Member site to the 
user computer over the public (distributed) network or Internet, only if the authentication 
(verification message) was successful; 

Then generating an enhanced log report (billing event) at the Publishing Member (SP) site and sending 
the log report/billing event to the Clickshare/TVS (online broker site), the log report uniquely 
(anonymously) identifying (by means of a unique alphanumeric string assigned by the user's 
Clickshare Service Provider), to the Clickshare/TVS (online broker), the log report (billing event) 
including a charge for providing of the information (online) service or object to the user computer 
and 

Adding to a database of aggregated log reports (updating an account of the user) at the 
Clickshare/TVS backend (online broker site) the log report containing the charge for the object 
(service). 

36. A method as in claim 35, further comprising the step of providing 
an account statement from the online broker site to the user computer 
over at least the distributed network, the account statement 
reflecting the charge included in the billing event. 

Oliver does not describe a method for providing an account statement from the Clickshare/TVS (online 
broker site) to the user computer. Oliver teaches a system further comprising a billing system for 
allowing the Clickshare Publishing Member (SP) sites to charge the registered users of Clickshare 
Service Providers for access to the information (online) services of the Clickshare Publishing Member 
site by sending enhanced log records (billing events) to the Clickshare/TVS (online brokering service), 
the billing system including a centralized logging daemon (database) for recording enhanced log 
records (billing events) for periodic aggregation, sorting and charging to the accounts of Clickshare 
Service Providers, who in turn may charge their registered users. 

Oliver at Page 47, Lines 12-20: 

"6.1.13. Depending upon the version of TVS, CALSa also copies a log report to a 
real-time metering and billing utility which will permit: (a) The end-using CMa to 
request and review records of current session access by clicking to an address on a 
web server at CSPa. The request generates a call from CSPa to CALSa for current- 
session access logs for end-user CMa. The logs are then parsed against credit/debit 
account status, pricing and service-class rules maintained by CSPa for its end-users, 
and fed into a dynamically-generated page shown to the user; or, (b) The assembly 
and transmission by CSPa via Email to the end user once in each 24-hour cycle a 
compilation of all TVS-enabled resource purchases or accesses during the previous 
period from data provided on a batch basis from CALSa. This permits the end-user to 
verify and/or dispute charges shortly after they are incurred." 



A DISTRIBUTED-USER MANAGEMENT SERVICE FOR ALLOWING ANONYMOUS PURCHASE 
OF INFORMATION SERVICES OR OBJECTS FROM MULTIPLE WEBSITE PROVIDERS 



37. An online brokering service for allowing users of a public network 
to anonymously purchase online services from Service Provider (SP) 
sites on the public network, the online brokering service provided 
from an online broker site that is located remotely from the SP sites, 
the online brokering service comprising: 

a database which contains account information of users that have 
registered with online brokering service, the account information 
including at least a unique identifier of each registered user; 
a billing system for recording monetary charges to accounts of 
registered users, the monetary charges corresponding to online 
services purchased from the SP sites over the public network; and 
a software package running at the online broker site, the software 
package performing at least the following functions: 

(a) authenticating registered users in response to authentication 
requests received from the SP sites, the authentication requests 
generated in response to attempts by registered users to access online 
services of the SP sites, said authenticating comprising accessing the 
database to verify user account information; 

(b) receiving user-specific billing events from the SP sites and 
passing the billing events to the billing system to update the 
accounts of registered users, each billing event specifying at least 
(1) an anonymous ID of a registered user, and (2) a charge to be 
applied to the account of the registered user; and 

(c) retrieving user-specific access rights data from the database in 
response to requests from the SP sites and transmitting the access 
rights data to the SP sites, the access rights data specifying a 
plurality of content categories or services to which a registered user 
has access and enabling the SP sites to provide customized access 
rights to the registered users. 



Oliver describes Clickshare/TVS Service, which is a distributed-user management (online brokering) 
service for allowing users of a public network to anonymously purchase information (online) services or 
objects from Clickshare Publishing Member (SP) sites on the public network, the TVS Service (online 
brokering service) providing for a TVS backend (online broker site) that is located remotely from the 
Clickshare Publishing Member (SP) sites, the TVS Service comprising: 

A dynamic-session database (database) which contains preference, profile and service-class (account) 
information of users that have registered with Service Providers of the Clickshare/TVS Service, said 
information including at least a unique identifier of each registered user; 

A billing system for recording enhanced log records including monetary charges at the Clickshare/TVS 
backend for ultimate application by Clickshare Service Providers to the accounts of their registered 
users, the monetary charges corresponding to information (online) services or objects purchased 
from the Publishing Member (SP) sites over the public network; and 

A software package running on the Clickshare/TVS backend, the software package performing at least 
the following functions: 

(a) Validating (authenticating) registered users in response to validation requests from the Publishing 
Member (SP) sites, the validation (authentication) requests generated in response to attempts by 
registered user to access information (online) services or objects of the Publishing Member (SP) 
sites, said validation comprising accessing the dynamic-session database of the Clickshare/TVS 
backend to verify that it contains user preference, profile and/or service-class (account) 
information; 

(b) Receiving user-specific enhanced log reports (billing event) from the Publishing Member (SP) sites 
and passing the enhanced log reports to the Clickshare/TVS backend for aggregation and sorting in 
a logging database (billing system), ultimately to be provided to Clickshare Service Providers for 
updating the accounts of their users, each enhanced log report (billing event) specifying at least (1) 
an anonymous ID of a registered user, and (2) a monetary value to be used to calculate a charge, 
if any, to be applied to the account of the registered user; and 

(c) Retrieving user-specific service-class (access rights) data from the dynamic session database in 
response to requests from the Publishing Member (SP) sites and transmitting the service-class 
(access-rights) data which may reference a plurality of content directories (categories) or services 
to which a registered user has access, and enabling the Publishing Member (SP) sites to provide 
customized access rights to the registered users. 

38. An online brokering service as in claim 37, wherein the software 
package further performs the function of: 

retrieving user-specific customization data from the database in 
response to requests from the SP sites and transmitting the 
customization data to the SP sites, the customization data indicating 
user specified preferences for enabling the SP sites to provide user 
customized online services. 

Oliver describes an Internet distributed-user management (online brokering) service wherein the 
software package further performs the function of retrieving user-specific preference, profile or service- 
class (customization) data from the dynamic-session database in response to requests from Clickshare 
Publishing Member (SP) sites and transmitting such data to the Publishing Member (SP) sites, said 
data being interpretable as preferences for enabling the Publishing Member (SP) sites to provide user- 
customized services. 

39. An online brokering service as in claim 37, wherein the billing 
system comprises a software module for allowing the registered user to 
remotely access an online billing statement, the online billing 
statement reflecting billing events received by the online broker site 
from multiple different SP sites. 

Oliver describes an Internet distributed-user management (online brokering) service wherein the billing 
system comprises a software module for allowing the registered user to remotely access an online 
billing statement, the online billing statement reflecting billing events received by the Clickshare/TVS 
Service from multiple different SP sites. 

Oliver at Page 47, lines 12-20: 

"6.1.13. Depending upon the version of TVS, CALSa also copies a log report to a 
real-time metering and billing utility which will permit: (a) The end-using CMa to 
request and review records of current session access by clicking to an address on a 
web server at CSPa. The request generates a call from CSPa to CALSa for current- 
session access logs for end-user CMa. The logs are then parsed against credit/debit 
account status, pricing and service-class rules maintained by CSPa for its end-users, 
and fed into a dynamically-generated page shown to the user; or, (b) The assembly 
and transmission by CSPa via Email to the end user once in each 24-hour cycle a 
compilation of all TVS-enabled resource purchases or accesses during the previous 
period from data provided on a batch basis from CALSa. This permits the end-user to 
verify and/or dispute charges shortly after they are incurred." 

40. An online brokering service as in claim 37, wherein the public 
network comprises the Internet. 

Oliver describes the distributed network as "a public network" or as "the Internet." 

41. A virtual online services network for allowing users to directly 
access service provider (SP) sites over a public network, comprising: 
an online brokering service running on at least one site of a computer 
network, the online brokering service storing account and billing 
information for a plurality of users of the public network, each of 
the users having a respective account with the online brokering 
service, the online brokering service providing online access by the 
users to account-specific billing information; 

a plurality of fee-based online services running on a plurality of 
independent service provider (SP) sites on the public network, the SP 
sites directly accessible to the users over the public network, each 
SP site being registered with the online brokering service and being 
configured to use the online brokering service to authenticate the 
users when the users connect to the SP sites over the public network, 
the fee-based services configured to generate account-specific billing 
events in response to uses of the online services by the users and to 
forward the billing events to the online brokering service so that the 
users are billed for the online services from a centralized billing 
location; and 

a log-on protocol which allows the users to access the plurality of 
online services using their respective accounts with the online 
brokering service, the log-on protocol configured to (1) prompt a user 
for an account identifier, (2) cache the account identifier during the 
course of a user log-on session, and (3) use the cached account 
identifier to access multiple different SP sites, the log-on protocol 
thereby allowing the user to seamlessly access the plurality of 
fee-based online services following a single log-on event; 
wherein the online brokering service stores user-specific access 
rights data, and provides the access rights data specifying access 
rights for a plurality of online services for a specific user to the 
SP sites in response to requests from the SP sites, and wherein the 
fee-based online services are configured to use the access rights data 
to automatically provide user-customized services to the users. 

Oliver describes a distributed user-management service (virtual online services network) for allowing 
users to directly access Publishing Member (SP) sites over a public network, comprising: 

A Clickshare/TVS service running on at least one site of a public (computer) network, the TVS service 
storing preference, profile and service-class (account and billing) information for a plurality of 
users of the public network, each of the users having a respective account with the Service Providers 
affiliated with the Clickshare/TVS (online brokering) service, the Clickshare/TVS Service; and, 

A plurality of fee-based information (online) services running on a plurality of independent Publishing 
Member (SP) sites on the public network, the SP sites directly accessible to the users over the 
public network, each SP site being registered with the Clickshare/TVS (online brokering) service 
and being configured to use the Clickshare/TVS to validate (authenticate) the users when the users 
connect to the Publishing Member (SP) sites over the public network, the fee-based services being 
configured to generate account-specific enhanced log records (billing events) in response to uses of 
the information (online) services by the users and to forward the log records (events) to the 
Clickshare/TVS (online brokering) service so that the users of Clickshare Service Providers may be 
billed for the information (online) services by their Service Providers; and 

A log-on protocol which allows the users to access the plurality of information (online) services using 
their respective accounts with their Clickshare Service Provider (online service), the log-on 
protocol being configured to (1) have their Clickshare Service Provider prompt at log-in for a 
unique account identifier, typically a user name and password, (2) cache the user name/password 
during the course of a user log-on session, and (3) use the cached account identifier to access 
multiple different Publishing Member (SP) sites, the log-on protocol thereby allowing the user to 
seamlessly access the plurality of fee-based information (online) services following a single log-on 
event; 

Wherein the Clickshare TVS backend stores user-specific service-class (access rights) data, and provides 
the service-class (access rights) data specifying access rights for a plurality of online services for a 
specific user to the Clickshare Publishing Member (SP) sites in response to requests from the 
Publishing Member (SP) sites, and wherein the fee-based information (online) services may be 
configured to use the service-class (access rights) data to automatically provide user-customized 
services to the users. 

42. A virtual online services network as in claim 41, wherein the 
log-on protocol is implemented by respective software components 
stored on (1) the SP sites, (2) the at least one site of the online 
brokering service, and (3) computers of the users. 

Oliver describes a distributed-user management service (network) wherein the log-on protocol is 
implemented by respective software components stored on (1) the Publishing Member (SP) sites, (2) at 
least one site of the Token Validation Service backend (online brokering service), (3) the computers of 
the users and (4) at the Clickshare Service Provider site where the user is registered and which holds 
the user's account and billing information. 

Oliver at Page 12, lines 20-25; Page 13, Lines 1-2: 

"Clickshare believes that centralization of the user base for the purpose of 
unified registration, profiling, or measurement is a potentially non-scalable, 
performance-limiting approach to user management. In the TVS system, the user base 
is managed at the "local" (publisher/service provider) level. This has technical, 
sociological and financial advantages. One specific advantage is that the individual 
publisher/service provider is in control of the customer billing relationship. The system 
thus presupposes multiple billing agents and requires no centralized database of 
user-specific demographic data." 

Oliver at Page 48, Lines 1-7: 

"7.1. CONTENT REQUEST + USER AUTHENTICATION 

"To begin, the user points his WWW browser to the home page set up for him 
at his "home" Publishing Member (step 1). This page has been designated as 
"authentication required" by the Publishing Member, so the user's browser receives 
back from the Publishing Member's HTTP server an appropriate status message. The 
browser prompts the user for his user-name and password, which it then returns to the 
HTTP server as Request Header information." 

Oliver at Page 48, Lines 13-25; Page 49, Lines 1-7: 

"7.2 PROFILE "REGISTRATION" AND TOKEN REQUEST 

"Once the HTTP server has obtained the user's Authentication information and 
has validated it locally, the HTTP server contacts TVS with a request for a new 
Authentication Token. In making this request, the HTTP server sends the user's profile 
to TVS with a request for a new Authentication Token. This profile information (along 
with other per-user information) is stored in each publisher's registration database." 

"7.3 TOKEN GENERATION AND RETURN 

"TVS uses information from the user's profile to build the Authentication token. 
For example, the user's service class information is used to determine what the token's 
validity period will be. The Authentication Token has an encrypted "pay load" and is 
"uuencoded" and "sanitized" to accommodate the Web URL naming syntax where 
required. The token is "opaque" to both the HTTP server and to the Web browser 
client. 

"TVS uses private-key encryption technology which is well-known to the 
Internet community and unencumbered by patent or export restrictions to the best of 
our knowledge." 

"7.4 CONTENT AND AUTHENTICATION RETURN 

"When the HTTP server receives the returned token, it is ready to deliver the 
requested content (as well as the token) to the requesting client. The content is 
delivered in the canonical HTTP method (accompanied by MIME Response Headers as 
appropriate). The Authentication token can be delivered to the user's client program 
(Mosaic, Netscape, Lynx, an "agent", etc.) in several ways." 

Oliver at Page 50, Lines 1-21: 

"7.6 USER VERIFICATION 

"The HTTP server contacts the TVS server to verify that the provided token is 
valid (that is, this is a valid user and a valid session)." 

"7.7 VERIFICATION AND PROFILE RETURN 

"The TVS server receives the request, and verifies it using the internal 
databases it has constructed from the information provided when Authentication 
Tokens are issued. As an acknowledgment, TVS returns the user's profile information 
to the HTTP server. 

"7.8 CONTENT RETURN 

"The HTTP server uses the profile information to determine how best to 
respond to the user's request. In some cases, information in the profile may indicate 
that the server should not respond -- or warn the user about the cost or nature of the 
information requested. The profile information returned to the HTTP server can be 
used by the server itself to fulfill the request (typically the case with standard "static" 
file service requests), and is also made available as part of the execution environment 
for Common Gateway Interface (CGI) scripts. 

"7.9 CONTENT ACCESS LOGGING 

"After the HTTP server has returned the requested content to the user, this 
access is logged to the TVS service. A canonical log format is currently used, with 
information added in keyword=value form at the end of the record. 

"Steps 7.5 through 7.9 are repeated for every content/service request within a 
session when the user requests content from another TVS-enabled publisher. Requests 
sent to other (non-affiliated) HTTP servers are not affected." 
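
The token flow quoted in steps 7.2 through 7.9, and the billing-event mapping for claim 35, sketched as an added example that is not code from Oliver, Teper or Clickshare. All class, field and site names and the service classes are constructed; where the excerpt describes an encrypted token payload, this sketch swaps in a random opaque handle looked up in the session table.

```python
import secrets
import time

# Constructed service classes: rank for access checks, token lifetime in seconds.
SERVICE_CLASSES = {"basic": (0, 900), "premium": (1, 3600)}


class TVS:
    """Toy token-validation service: session table plus access-log store."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}  # token -> session record
        self.logs = []      # access records forwarded by publishers

    def issue_token(self, home, anon_id, service_class):
        """Steps 7.2-7.3: the home site has already checked the password."""
        _, ttl = SERVICE_CLASSES[service_class]
        token = secrets.token_urlsafe(24)  # opaque and URL-safe
        self.sessions[token] = {
            "home": home, "anon_id": anon_id,
            "service_class": service_class,
            "expires": self.clock() + ttl,
        }
        return token

    def verify(self, token):
        """Steps 7.6-7.7: return the profile, or None if unknown or expired."""
        session = self.sessions.get(token)
        if session is None:
            return None
        if self.clock() >= session["expires"]:
            del self.sessions[token]
            return None
        return {k: session[k] for k in ("home", "anon_id", "service_class")}

    def log_access(self, record):
        self.logs.append(record)

    def charges_by_home(self):
        """Sum price_cents per (home site, anonymous ID) from the log tails."""
        totals = {}
        for record in self.logs:
            tail = record.rsplit('"', 1)[1]  # text after the quoted request
            fields = dict(kv.split("=", 1) for kv in tail.split() if "=" in kv)
            key = (fields["home"], fields["anon"])
            totals[key] = totals.get(key, 0) + int(fields["price_cents"])
        return totals


class Publisher:
    """Publishing Member site: sells objects, holds no user accounts."""

    def __init__(self, name, tvs, catalog):
        self.name, self.tvs = name, tvs
        self.catalog = catalog  # path -> (required class, price in cents)

    def serve(self, token, path):
        profile = self.tvs.verify(token)
        if profile is None:
            return 401  # no valid session: send the user to the home site
        required, price = self.catalog[path]
        if SERVICE_CLASSES[profile["service_class"]][0] < SERVICE_CLASSES[required][0]:
            return 403  # step 7.8: profile says do not serve; nothing is logged
        stamp = time.strftime("%d/%b/%Y:%H:%M:%S +0000", time.gmtime(self.tvs.clock()))
        # Step 7.9: canonical log line with keyword=value fields appended.
        self.tvs.log_access(
            f'{self.name} - - [{stamp}] "GET {path} HTTP/1.0" 200 - '
            f'home={profile["home"]} anon={profile["anon_id"]} price_cents={price}'
        )
        return 200
```

The publisher only ever handles the token and the anonymous ID, so the aggregated charges can be handed back to the home site without the publisher learning who the user is.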



43. A virtual online services network as in claim 41, wherein the 
log-on protocol includes a challenge-response authentication protocol 
for allowing the SP sites to authenticate the users. 

Op. Cit., Claim No. 33: Oliver does not specifically speak of a challenge-response protocol in the 
sense implied by Teper, but the interactions between Clickshare user computers and Publishing Member 
sites, between user computers and Service Provider sites, and between Publishing Member sites and 
Clickshare/TVS are typically structured as a transmission followed by a response. 



Oliver at Page 48, lines 7-5/ 

"7.1. CONTENT REQUEST + USER AUTHENTICATION 

"To begin, the user points his WWW browser to the home page set up for him 
at his "home" Publishing Member (step 1). This page has been designated as 
"authentication required" by the Publishing Member, so the user's browser receives 
back from the Publishing Member's HTTP server an appropriate status message. The 
browser prompts the user for his user-name and password, which it then returns to the 
HTTP server as Request Header information. 

"TVS does not affect the authentication model used by the HTTP server." 

44. A virtual online services network as in claim 41, wherein the 
public network comprises the Internet. 

Oliver describes the distributed network as "a public network" or as "the Internet." 

45. An apparatus comprising: 

A broker server operatively connected to a computer network, the 
broker server having a processor and a computer readable memory, the 
memory storing broker server implementation software, including 
customer access software, site linking software to link customers to 
selected sites on the computer network and at least one data 
structure; 

the at least one data structure including a list of registered 
customers along with corresponding ID and payment information, and 
including a list of online sites with their corresponding linking 
information, the list of online sites being a subset of the sites 
available to users of the computer network, the at least one data 
structure further including access rights to a plurality of online 
services provided by at least one online site within the list of 
online sites; 

whereby the broker server facilitates seamless connection between a 
selected customer from its list of customers and a selected online 
site from the listed online sites to create a virtual online service, 
including providing the selected customer's access rights to the 
plurality of online services provided by the selected online site. 

Oliver describes a Clickshare/TVS (broker) server connected to a computer network, but does not 
describe the details of the apparatus; 

Oliver describes a dynamic session database structure (data structure) including a list of unique 
identifying alphanumeric strings of currently authenticated registered customers of Service 
Provider affiliates, along with certain preference or profile attributes unique to each such 
customer, and including a list of information (online) sites, with their corresponding linking 
information, the list of such information (online) sites being a subset of the sites available to users 
of the computer network, and the database (data) structure including service-class attributes 
(access rights) to a plurality of information (online) services provided by at least one information- 
providing (online) site within the list of such information sites; 
Whereby the Clickshare/TVS (broker) server facilitates seamless connection between a selected customer 
from its dynamic session database (list) of customers and a selected information-vending (online) 
site from the listed information (online) sites to create a distributed-user management (virtual 
online) service, including providing the selected customer's service-class preferences (access 
rights) to the plurality of information (online) services provided by the selected information-vending 
(online) site. 

46. An apparatus as in claim 45, wherein the computer network is a 
public network which comprises the Internet, and wherein the online 
sites are World Wide Web sites of the Internet. 

Oliver describes as a reference or preferred implementation a public network comprising the Internet, 
wherein the information-vending (online) sites are World Wide Web sites of the Internet. 

************* 